The Information Commissioner’s Office has turned the tables on the legal profession by warning barristers and solicitors that they risk hefty fines if they continue to flout data protection legislation.
The move follows a spate of incidents reported to the ICO involving members of the legal profession over the past three months, including the Treasury Solicitor’s Department, which provides legal services to the Government.
The information handled by barristers and solicitors is often very sensitive. This means the damage caused by a data breach could meet the statutory threshold for issuing a financial penalty, according to the ICO. Legal professionals will also often carry around large quantities of information in folders or files when taking them to or from court, and may store them at home. This can increase the risk of a data breach.
The ICO can serve a monetary penalty of up to £500,000 for a serious breach of the Data Protection Act provided the incident had the potential to cause substantial damage or substantial distress to affected individuals. In most cases these penalties are issued to companies or public authorities, but barristers and solicitors are generally classed as data controllers in their own right and are therefore legally responsible for the personal information they process.
Information Commissioner Christopher Graham, who is a non-executive lay representative of the Bar Standards Board, said: “[At 15], the number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle, and the fact that it is often held in paper files rather than secured by any sort of encryption, that number is troubling.
“It is important that we sound the alarm at an early stage to make sure this problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach.”
The ICO has published some top tips to help barristers and solicitors look after the personal information they handle. “These measures will set them on the road to compliance and help them get the basics right,” said Graham.
Related stories
Treasury lawyers escape ICO fine
Govt fined £185k for IRA data gaffe
Red faces at MoJ for £140k data fine
Pitiful data fine triggers MoJ review
‘Chicken feed fines’ irk data chief
Lawyers in the dock over data leaks http://t.co/isBrr1kKGs #dataprotection #data http://t.co/DZocVlAKNS